Juniper Junos vulnerabilities

749 known vulnerabilities affecting juniper/junos.

Total CVEs: 749
CISA KEV: 7 (actively exploited)
Public exploits: 10
Exploited in wild: 7
Severity breakdown: CRITICAL 42, HIGH 390, MEDIUM 315, LOW 2

Vulnerabilities

Page 3 of 38
CVE-2025-52946 | HIGH | CVSS 8.7 | fixed in 21.2 | v21.2 | +6 more | 2025-07-11
CVE-2025-52946 [HIGH]: A Use After Free vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an attacker sending a BGP update with a specifically malformed AS PATH to cause rpd to crash, resulting in a Denial of Service (DoS). Continuous receipt of the malformed AS PATH attribute will cause a sustained DoS cond
nvd
CVE-2025-52953 | HIGH | CVSS 7.1 | fixed in 21.2 | v21.2 | +7 more | 2025-07-11
CVE-2025-52953 [HIGH] CWE-440: An Expected Behavior Violation vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending a valid BGP UPDATE packet to cause a BGP session reset, resulting in a Denial of Service (DoS). Continuous receipt and processing of this packet will create a sustained
nvd
CVE-2025-52986 | MEDIUM | CVSS 6.8 | fixed in 21.2 | v21.2 | +7 more | 2025-07-11
CVE-2025-52986 [MEDIUM] CWE-401: A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low privileged user to cause an impact to the availability of the device. When RIB sharding is enabled and a user executes one of several routing related 'show' commands, a certain
nvd
CVE-2025-52951 | MEDIUM | CVSS 6.9 | fixed in 21.2 | v21.2 | +7 more | 2025-07-11
CVE-2025-52951 [MEDIUM]: A Protection Mechanism Failure vulnerability in kernel filter processing of Juniper Networks Junos OS allows an attacker sending IPv6 traffic destined to the device to effectively bypass any firewall filtering configured on the interface. Due to an issue with Junos OS kernel filter processing, the 'payload-protocol' match is not being supported, causing an
nvd
CVE-2025-52958 | MEDIUM | CVSS 6.0 | fixed in 22.2 | v22.2 | +4 more | 2025-07-11
CVE-2025-52958 [MEDIUM] CWE-617: A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). On all Junos OS and Junos OS Evolved devices, when route validation is enabled, a rare condition during BGP initial session establishment can lead t
nvd
CVE-2025-52989 | MEDIUM | CVSS 6.8 | fixed in 22.2 | v22.2 | +5 more | 2025-07-11
CVE-2025-52989 [MEDIUM] CWE-140: An Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to modify the system configuration. A user with limited configuration and commit permissions, using a specifically crafted annotate configuration command, can change any part
nvd
CVE-2025-6549 | MEDIUM | CVSS 6.9 | fixed in 21.4 | v21.4 | +5 more | 2025-07-11
CVE-2025-6549 [MEDIUM] CWE-863: An Incorrect Authorization vulnerability in the web server of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to reach the Juniper Web Device Manager (J-Web). When Juniper Secure connect (JSC) is enabled on specific interfaces, or multiple interfaces are configured for J-Web, the J-Web UI is reachable over
nvd
CVE-2025-52963 | MEDIUM | CVSS 6.8 | fixed in 21.2 | v21.2 | +7 more | 2025-07-11
CVE-2025-52963 [MEDIUM] CWE-284: An Improper Access Control vulnerability in the User Interface (UI) of Juniper Networks Junos OS allows a local, low-privileged attacker to bring down an interface, leading to a Denial-of-Service. Users with "view" permissions can run a specific request interface command which allows the user to shut down the interface. This issue affects Junos OS:
nvd
CVE-2025-30644 | HIGH | CVSS 7.7 | fixed in 21.4 | v21.4 | +5 more | 2025-04-09
CVE-2025-30644 [HIGH] CWE-122: A Heap-based Buffer Overflow vulnerability in the flexible PIC concentrator (FPC) of Juniper Networks Junos OS on EX2300, EX3400, EX4100, EX4300, EX4300MP, EX4400, EX4600, EX4650-48Y, and QFX5k Series allows an attacker to send a specific DHCP packet to the device, leading to an FPC crash and restart, resulting in a Denial of Service (DoS). Continued
nvd
CVE-2025-30648 | HIGH | CVSS 7.1 | fixed in 21.2 | v21.2 | +6 more | 2025-04-09
CVE-2025-30648 [HIGH] CWE-20: An Improper Input Validation vulnerability in the Juniper DHCP Daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause the jdhcpd process to crash resulting in a Denial of Service (DoS). When a specifically malformed DHCP packet is received from a DHCP client, the jdhcpd process crashes,
nvd
CVE-2025-30646 | HIGH | CVSS 7.1 | fixed in 21.2 | v21.2 | +6 more | 2025-04-09
CVE-2025-30646 [HIGH] CWE-195: A Signed to Unsigned Conversion Error vulnerability in the Layer 2 Control Protocol daemon (l2cpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated adjacent attacker sending a specifically malformed LLDP TLV to cause the l2cpd process to crash and restart, causing a Denial of Service (DoS). Continued receipt
nvd
CVE-2025-21594 | HIGH | CVSS 8.7 | v21.2 | v21.4 | +6 more | 2025-04-09
CVE-2025-21594 [HIGH] CWE-754: An Improper Check for Unusual or Exceptional Conditions vulnerability in the pfe (packet forwarding engine) of Juniper Networks Junos OS on MX Series causes a port within a pool to be blocked leading to Denial of Service (DoS). In a DS-Lite (Dual-Stack Lite) and NAT (Network Address Translation) scenario, when crafted IPv6 traffic is received and pref
nvd
CVE-2025-21595 | HIGH | CVSS 7.1 | fixed in 21.2 | v21.2 | +4 more | 2025-04-09
CVE-2025-21595 [HIGH] CWE-401: A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause an FPC to crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, in an EVPN-VXLAN scenario, when specific A
nvd
CVE-2025-30659 | HIGH | CVSS 8.7 | v21.4 | v22.2 | +4 more | 2025-04-09
CVE-2025-30659 [HIGH] CWE-130: An Improper Handling of Length Parameter Inconsistency vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When a device configured for Secure Vector Routing (SVR) receives a specifically malformed packet the PFE will crash
nvd
CVE-2025-21591 | HIGH | CVSS 7.1 | v23.1 | v23.2 | +2 more | 2025-04-09
CVE-2025-21591 [HIGH] CWE-805: A Buffer Access with Incorrect Length Value vulnerability in the jdhcpd daemon of Juniper Networks Junos OS, when DHCP snooping is enabled, allows an unauthenticated, adjacent, attacker to send a DHCP packet with a malformed DHCP option to cause jdhcp to crash creating a Denial of Service (DoS) condition. Continuous receipt of these DHCP packets usin
nvd
CVE-2025-30647 | HIGH | CVSS 7.1 | fixed in 21.2 | v21.2 | +6 more | 2025-04-09
CVE-2025-30647 [HIGH] CWE-401: A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS). In a subscriber management scenario, login/logout activity triggers a memory leak, and the leaked memory gradually increments
nvd
CVE-2025-30651 | HIGH | CVSS 8.7 | fixed in 21.2 | v21.2 | +5 more | 2025-04-09
CVE-2025-30651 [HIGH] CWE-805: A Buffer Access with Incorrect Length Value vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When an attacker sends a specific ICMPv6 packet to an interface with "protocols router-advertisement" configured, rpd cras
nvd
CVE-2025-21601 | HIGH | CVSS 8.7 | ≤ 21.4 | v21.4 | +5 more | 2025-04-09
CVE-2025-21601 [HIGH] CWE-573: An Improper Following of Specification by Caller vulnerability in web management (J-Web, Captive Portal, 802.1X, Juniper Secure Connect (JSC) of Juniper Networks Junos OS on SRX Series, EX Series, MX240, MX480, MX960, QFX5120 Series, allows an unauthenticated, network-based attacker, sending genuine traffic targeted to the device to cause the CPU to c
nvd
CVE-2025-30645 | HIGH | CVSS 8.7 | fixed in 21.2 | v21.2 | +5 more | 2025-04-09
CVE-2025-30645 [HIGH] CWE-476: A NULL Pointer Dereference vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker causing specific, valid control traffic to be sent out of a Dual-Stack (DS) Lite tunnel to crash the flowd process, resulting in a Denial of Service (DoS). Continuous triggering of specific control traffic will create a sust
nvd
CVE-2025-30658 | HIGH | CVSS 8.7 | fixed in 21.2 | v21.2 | +6 more | 2025-04-09
CVE-2025-30658 [HIGH] CWE-401: A Missing Release of Memory after Effective Lifetime vulnerability in the Anti-Virus processing of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On all SRX platforms with Anti-Virus enabled, if a server sends specific content in the HTTP body of a response to a client re
nvd